Lucene search

SEC-VLabCVELIST:CVE-2023-49114

HistoryFeb 26, 2024 - 12:19 p.m.

CVE-2023-49114 Local Privilege Escalation via DLL Hijacking

2024-02-2612:19:44

CWE-427

SEC-VLab

www.cve.org

cve-2023-49114

local privilege escalation

dll hijacking

qognify vms client viewer

arbitrary code execution

higher privileges

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMS Client Viewer",
    "vendor": "Qognify",
    "versions": [
      {
        "status": "affected",
        "version": ">=7.1"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/Mar/10

r.sec-consult.com/qognify